Seattle Web Design
Blog > Is Your Website Really Secure?

Meet the author:
Jill Olkoski

Jill has a MA in Clinical Psychology, a BS in Computer Science, and a BS in Mechanical Engineering.

She currently owns Aldebaran Web Design in Edmonds (near Seattle WA) and enjoys educating her clients on topics related to small business website design.

In Jill's previous life, she spent 17 years in the engineering and quality organizations of a Fortune 100 tech company.

 


Is Your Website Really Secure?

June 9th, 2008

If you’re like me, you do quite of a bit online activities that utilize secure websites. Shopping on online stores, banking, and investing all require a secure connection between your browser and the website you are sending your private information to.

But how often do you notice whether the little padlock in the upper right hand corner of your browser is actually there? This article serves as a reminder to always, always, always check.

I went to a website recently that asked me some personal information, namely, my social security number. This request surprised me, especially given the nature of what I was trying to accomplish. So I looked at the website, and here’s a screenshot of what I saw (note, I’ve tried to hide the identity of the actual website, that’s why some parts are blurry):

Notice the nice “Welcome to our secure online loan application” and the Verisign secure seal? But look again. There’s no padlock icon in the upper right hand corner of the browser. And the website is not secure at all, because the URL is “http” and not “https”. If it’s not “https”, it’s NOT secure.

Needless to say, I wasn’t going to put in my social security number.

But I did some investigation, because I’m curious and quality minded. I thought, well, maybe the web designer just forgot to put the “s” in the URL. So I typed it in. Here’s what I got:

This is a warning from my browser telling me that the SSL certificate belongs to “secure1.valueweb.com” and that it doesn’t match the website that I’m on. Not looking good.

I try another tactic. I click on the Verisign seal. Here’s what I get:

When you click on these security seals, you are checking back with the company that issued the seal to see if indeed it matches the website that you’re on. In this case, I was on a mortgage site in Washington, and the seal belonged to a software company in California.

I clicked on the “Report Seal Misuse”, emailed the webmaster, and emailed the mortgage company. While I never heard back from Verisign or the webmaster, the mortgage company did contact me. Hopefully they’ll get it fixed soon.

So there’s a big lesson here. If you hire someone to build a website and you need a SSL installed, verify for yourself that it’s working. If it’s done correctly you should see a little padlock in the upper right hand corner of your browser. The URL should be “https”. You should get no browser warnings. And if you click on the SSL seal, it should match the website perfectly.

Without these things, consumer confidence will disappear, like mine did, and your customers will leave, just like I did.

Be careful out there!

Jill
--------------
J. Olkoski
Aldebaran Web Design, Seattle
Jill Olkoski has a BS in Engineering, a BS in Computer Science and an MA in Clinical Psychology. She delights in using her advanced technical and psychological skills to help small business owners develop cost-effective and successful websites.



Comments are closed.




Our Preferred Website Hosting Company:

Need A Logo?


99Designs.com

Our Favorite Website Traffic Analysis Tool:

Web-Stat hit counters
 ©2006 - © Aldebaran Web Design Seattle, A DBA of Aldebaran Services LLC
Blog Email Subscription:
Search Blog Articles: